Sustainable Sustworks - Tools for Internet Travel
Inspired Tools for the Mac


IPNetRouterX ReadMe


1. Introduction
2. Features
3. System Requirements
4. Installation and Removal
5. How To Get Started
6. Version History
7. Registration and Licensing
8. Thank You! (contact information)

1. Introduction

IPNetRouterX is a powerful router, firewall, and network management utility including NAPT with inbound port mapping, a built-in DHCP Server, DNS Server, transparent proxying, load balancing, automatic failover, TCP rate limiting, and bandwidth accounting.

Using IPNetRouterX you can share a network connection among multiple users, provide DHCP service, configure an AirPort software base station, allocate network bandwidth to match business priorities, audit network usage, and secure your LAN against undesirable traffic or network abuse.

If you prefer not to read detailed instructions, open the IPNetRouterX QuickStart ReadMe to begin using the software immediately.


2. Features

  • Flexible easy to configure network sharing, inbound port mapping, DHCP server, and local caching DNS.
  • Uses in kernel single address space AVL search trees for best in class firewall and NAT performance.
  • Incorporates IPNetSentryX to provide powerful network filtering, bandwidth accounting, and rate limiting for an entire LAN.

IPNetSentryX Features:

  • Provides intelligent protection without expert configuration.
  • Does not interfere with normal network operation or software.
  • Hierarchical filter rules are easy to understand, efficient, and offer exceptional control over network traffic.
  • Supports data content filtering to stop Internet worms.
  • Safely ignores promiscuous TCP resets.
  • Unique on screen updates show firewall rules in action.
  • Includes tools to identify the source of suspected intruders.
  • Flexible network event monitoring and Email notification.
  • Full Macintosh user interface makes these tools more accessible

The simple well organized display with built-in examples allow both new
and experienced Internet users to benefit from a powerful firewall router intrusion detector.


3. IPNetRouterX System requirements

Version 1.1.2 Requires Mac OS X 10.2.8 (Jaguar) or later.
Version 1.2 Requires Mac OS X 10.3.9 (Panther) or later.
Version 1.4 Requires Mac OS X 10.4 (Tiger) or later.
Mac on Intel requires version 1.2 or later.
Mac OS X Leopard requires version 1.3 or later.

4. Installation and Removal

To install or remove the software, simply drag a copy to your hard drive. The first time IPNetRouterX is run it will ask you to authenticate to complete the installation process.

Under UNIX operating systems including Mac OS X, certain operations require special permission or privileges to prevent unauthorized users from disrupting or spying on other users. While well intentioned, these conventions are often inappropriate for a "personal" computer where a single user owns and administers the system. Among the operations that require such privileges are monitoring all network traffic.

IPNetRouterX takes the personal computer view that the user should normally be in control of their computer, so tries to minimize the disruption of asking the user to prove they are authorized to perform the requested operation.

To control network traffic, IPNetRouterX includes a tiny server application named "LoadNKE" that must run as suid root. When IPNetRouterX is first run after being copied to a new location, it checks to see if the LoadNKE tool is present and set to suid root. The same process is repeated for "RunTCPDump", and "RunTCPFlow". If any of these tools are not authorized, it asks you to authenticate so it can configure them to run as suid root. You might think of this as completing the installation process. From that point on, no further authentication is necessary to perform any of the restricted operations IPNetRouterX supports.

Normally allowing small programs to execute as root is not a problem unless the program seeks to compromise your system or is exploited by another program to carry out such an attack. The best defense against such exploits at this time is to only run software from reputable developers. IPNetRouterX takes advantage of Leopard Code signing to alert you of any unintended modifications to the software.

IPNetRouterX uses a Network Kernel Extension (NKE) to intercepts network traffic while the Firewall or NAT is enabled. When the firewall is disabled, the NKE module is automatically removed from the corresponding data stream. The NKE normally remains loaded until you restart your system since other applications might be using it. You can try forcing the NKE to unload by selecting "Unload NKE" from the IPNetRouterX application menu. This feature allows you to load a newer version of the NKE without restarting your system. The NKE will only unload when all monitoring connections to it have been stopped.

To remove the software, drag the IPNetRouterX application to the trash. If you wish to remove the supporting files installed with the software, you may drag /Library/Application Support/IPNetRouterX to the trash as well. This may ask you to authenticate since some of the helper tools have been configured to allow privileged operations and are "owned" by root. If you configured IPNetRouterX to launch as a Mac OS X startup item, you wish to stop that instance using Apple's Activity Monitor and remove the corresponding startup item file.


5. How to Get Started

If you prefer not to read detailed instructions, open the IPNetRouterX QuickStart ReadMe to begin using the software immediately.

To begin using IPNetRouterX, launch the application completing the installation process if necessary. An untitled firewall document appears containing the default firewall configuration. Use the disclosure triangles along the left side of the outline to examine any rules in more detail. Option-Expand will expand all the rules beneath a single item.

When you are ready, press "Apply" to load your firewall rules to the network kernel and select "Firewall On". Congratulations, you now have basic firewall protection. You can watch as network traffic matching a firewall rule is detected (select "Match Count" under the Parameter PopUp) or check the Log to see suspected intruders being denied access. You can edit and "Apply" new rules at any time without restarting the firewall. Notice the IPNetRouterX application must be running for the firewall to be active (this may change in a future version). No windows need be open however.

To configure Internet sharing, begin by setting up any IP interfaces you need using Mac OS X's Network Preferences Panel. Once your IP interfaces have been configured, you can then designate which interface will be used as your connection to the public Internet (External + NAT) under the Interfaces tab. To configure inbound port mapping, use the Port Mapping tab. IPNetRouterX supports several advanced NAT features including ICMP translation, local NAT, single Ethernet, and one-way satellite or cable systems.

To configure the built-in DHCP Server, select DHCP Server under the Tools menu. To use the default settings, simply check "DHCP Server On".

To configure IPNetRouterX as an AirPort software base station, select AirPort under the Tools menu.

Of course there is much more you can do.

Help is available on the various tools and features from the Help menu. If you press Option-Help, the corresponding help file will open in your web browser which may be more convenient for browsing. This is probably the best way to familiarize yourself with the more advanced features of the software since you can experiment with the window while you read the description.

Notice some rules in the default configuration may be disabled. You can easily turn individual firewall rules on or off to experiment or satisfy more advanced requirements. To enable or disable individual firewall rules, use the corresponding checkbox in the left most column and press "Apply" to invoke your changes. You can save your customized settings as IPNetRouterX documents and invoke them automatically at login time or when your system starts up.

Once you are comfortable IPNetRouterX is working as desired, you can configure it to launch as a Mac OS X startup item outside the context of any user login. To do this drag the "" startup item in /Library/Application Support/IPNetRouterX/HelperTools to /Library/StartupItems. You can launch IPNetRouterX from the Finder and select "Tool->Expert View" to see the currently running firewall status. If you encounter difficulty, you can restart while pressing the Shift key to prevent startup items from loading and then remove IPNetRouterX from the /Library/StartupItems folder.


6. IPNetRouterX Version History

See "Release Notes" under IPNetRouterX Help for version history including the latest features and additions.


7. Registration and Licensing

IPNetRouterX is commercial software subject to the terms of the accompanying License Agreement. You may use a demo version of the software during a single trial period of up to 21 days. You must then register the software if you wish to continue using it beyond the trial period.

Notice the trial is designed to expire after 21 days. If the software reports it has expired the first time you launch it, this usually means someone ran a previous version of the program on your computer. Please contact us directly for information on how to reset the trial period.

Once you have downloaded the application, you can register it on-line at

A "registration key" that unlocks the trial period will be sent to you by email once your registration information is received. You can simply copy the text of this Email message to the clipboard (as if you were going to paste it into another application) and then launch the IPNetRouterX application, or paste into the "registration key" field of the registration window or demo startup dialog. Your program is now registered. Thank You!

Single User $100
Upgrade $50

Additional payment details are available on our registration web page at



8. Thank You!

We hope you find our IPNetRouterX software useful and look forward to your comments and suggestions.

Support help <>

or mail us at:

Sustainable Softworks
13 Fieldside DR
Cumberland, RI 02864 USA

[End of ReadMe]